72 matches found
EUVD-2018-10212
Malware in sbrugna...
EUVD-2011-0767
Malware in sbrugna...
EUVD-2021-25611
Malware in sbrugna...
EUVD-2016-4748
Malware in sbrugna...
CVE-2021-39249
Invision Community aka IPS Community Suite or IP-Board before 4.6.5.1 allows reflected XSS because the filenames of uploaded files become predictable through a brute-force attack against the PHP mtrand function...
CVE-2016-3735
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmtrand in order to generate password reset tokens. mtrand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an...
GHSA-XG9W-R469-M455 ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mtrand function as a fallback. All outputs from mtrand are predictable for the same PHP process if an attacker can brute force the seed used ...
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
In Zend Framework 2, the Zend\Math\Rand component generates random bytes using the OpenSSL or Mcrypt extensions when available but will otherwise use PHP's mtrand function as a fallback. All outputs from mtrand are predictable for the same PHP process if an attacker can brute force the seed used ...
Use of predictable RNG for password generation
Description pkp-lib implements a password-generation function with the following line of code being integral to its functionality: PHP for ... $password .= mtrand1, 4 == 4 ? $numbersmtrand0, strlen$numbers - 1 : $lettersmtrand0, strlen$letters - 1; This relies upon mtrandlow, high; to generate a...
SUSE CVE-2011-0755
Integer overflow in the mtrand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mtgetrandmax...
Insecure Random Number Generator
phpservermon/phpservermon uses an insecure random number generator. The vulnerability exists because of the insecure mtrand random number generator function in the loginWithCookieData function of User.php, allowing an attacker to guess the strings it generates...
GHSA-382V-GXJ9-FFHC Moodle uses predictable password-recovery tokens
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mtrand function to implement the randomstring and complexrandomstring functions, which makes it easier for remote attackers to predict password-recovery tokens via a...
CVE-2016-3735
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmtrand in order to generate password reset tokens. mtrand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an...
CVE-2016-3735
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmtrand in order to generate password reset tokens. mtrand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an...
Design/Logic Flaw
Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmtrand in order to generate password reset tokens. mtrand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an...
CVE-2016-3735
CVE-2016-3735 affects Piwigo, a PHP-based image gallery. The root issue is that when a host criteria is not met, Piwigo uses mt_rand to generate password reset tokens, and the output can be predicted once the seed is known. This enables an unauthenticated attacker who knows an administrator’s ema...
GHSA-X7G2-WRRP-R6H3 Use of a Broken or Risky Cryptographic Algorithm
✍️ Description The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...
Insecure Cryptographic Function
mautic/core has insecure cryptographic function. An attacker may exploit the pseudorandomness of the function mtrand and enumerate session tokens...
CVE-2021-27913
The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...
CVE-2021-27913
The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under...